thr3ads.net - Secure testing commits - [Secure-testing-commits] r9794

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Sep-10 21:14 UTC
[Secure-testing-commits] r9794 - data/CVE

Author: joeyh
Date: 2008-09-10 21:14:09 +0000 (Wed, 10 Sep 2008)
New Revision: 9794

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-09-10 19:58:54 UTC (rev 9793)
+++ data/CVE/list	2008-09-10 21:14:09 UTC (rev 9794)
@@ -1,9 +1,217 @@
-CVE-2008-3962 [unitialized memory disclosure in ssmtp]
+CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows
local ...)
+	TODO: check
+CVE-2008-4017
+	RESERVED
+CVE-2008-4016
+	RESERVED
+CVE-2008-4015
+	RESERVED
+CVE-2008-4014
+	RESERVED
+CVE-2008-4013
+	RESERVED
+CVE-2008-4012
+	RESERVED
+CVE-2008-4011
+	RESERVED
+CVE-2008-4010
+	RESERVED
+CVE-2008-4009
+	RESERVED
+CVE-2008-4008
+	RESERVED
+CVE-2008-4007
+	RESERVED
+CVE-2008-4006
+	RESERVED
+CVE-2008-4005
+	RESERVED
+CVE-2008-4004
+	RESERVED
+CVE-2008-4003
+	RESERVED
+CVE-2008-4002
+	RESERVED
+CVE-2008-4001
+	RESERVED
+CVE-2008-4000
+	RESERVED
+CVE-2008-3999
+	RESERVED
+CVE-2008-3998
+	RESERVED
+CVE-2008-3997
+	RESERVED
+CVE-2008-3996
+	RESERVED
+CVE-2008-3995
+	RESERVED
+CVE-2008-3994
+	RESERVED
+CVE-2008-3993
+	RESERVED
+CVE-2008-3992
+	RESERVED
+CVE-2008-3991
+	RESERVED
+CVE-2008-3990
+	RESERVED
+CVE-2008-3989
+	RESERVED
+CVE-2008-3988
+	RESERVED
+CVE-2008-3987
+	RESERVED
+CVE-2008-3986
+	RESERVED
+CVE-2008-3985
+	RESERVED
+CVE-2008-3984
+	RESERVED
+CVE-2008-3983
+	RESERVED
+CVE-2008-3982
+	RESERVED
+CVE-2008-3981
+	RESERVED
+CVE-2008-3980
+	RESERVED
+CVE-2008-3979
+	RESERVED
+CVE-2008-3978
+	RESERVED
+CVE-2008-3977
+	RESERVED
+CVE-2008-3976
+	RESERVED
+CVE-2008-3975
+	RESERVED
+CVE-2008-3974
+	RESERVED
+CVE-2008-3973
+	RESERVED
+CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security
updates to ...)
+	TODO: check
+CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...)
+	TODO: check
+CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not
...)
+	TODO: check
+CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3
allow ...)
+	TODO: check
+CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in
PunBB ...)
+	TODO: check
+CVE-2008-3967 (moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does
not ...)
+	TODO: check
+CVE-2008-3966 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka
...)
+	TODO: check
+CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka
MyBulletinBoard) ...)
+	TODO: check
+CVE-2008-3961
+	RESERVED
+CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka
...)
+	TODO: check
+CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9,
allows ...)
+	TODO: check
+CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause
a ...)
+	TODO: check
+CVE-2008-3957 (The Microsoft Windows Image Acquisition Logger ActiveX control
allows ...)
+	TODO: check
+CVE-2008-3956 (orgchart.exe in Microsoft Organization Chart 2.00 allows
user-assisted ...)
+	TODO: check
+CVE-2008-3955 (SQL injection vulnerability in index.php in Masir Camp E-Shop
Module ...)
+	TODO: check
+CVE-2008-3954 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay
Per ...)
+	TODO: check
+CVE-2008-3953 (SQL injection vulnerability in keyword_search_action.php in
Vastal ...)
+	TODO: check
+CVE-2008-3952 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows
...)
+	TODO: check
+CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech
Agent ...)
+	TODO: check
+CVE-2008-3950
+	RESERVED
+CVE-2008-3949
+	RESERVED
+CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS
allows ...)
+	TODO: check
+CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to
gain ...)
+	TODO: check
+CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows
local ...)
+	TODO: check
+CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows
...)
+	TODO: check
+CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows
...)
+	TODO: check
+CVE-2008-3943 (SQL injection vulnerability in listtest.php in eZoneScripts
Living ...)
+	TODO: check
+CVE-2008-3942 (SQL injection vulnerability in landsee.php in Full PHP Emlak
Script ...)
+	TODO: check
+CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04
and ...)
+	TODO: check
+CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP
Services ...)
+	TODO: check
+CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH
PageR ...)
+	TODO: check
+CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in
user_admin.php in ...)
+	TODO: check
+CVE-2008-3937 (Multiple cross-site scripting (XSS) vulnerabilities in Open
Media ...)
+	TODO: check
+CVE-2008-3936 (The web interface in Dreambox DM500C allows remote attackers to
cause ...)
+	TODO: check
+CVE-2008-3935 (Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and
...)
+	TODO: check
+CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary
files ...)
+	TODO: check
+CVE-2008-3930 (migrate_aliases.sh in Citadel Server 7.37 allows local users to
...)
+	TODO: check
+CVE-2008-3929 (gather-messages.sh in Ampache 3.4.1 allows local users to
overwrite ...)
+	TODO: check
+CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite
arbitrary ...)
+	TODO: check
+CVE-2008-3927 (genmsgidx in Tiger 3.2.2 allows local users to overwrite or
delete ...)
+	TODO: check
+CVE-2008-3926 (Multiple directory traversal vulnerabilities in Content
Management ...)
+	TODO: check
+CVE-2008-3925 (Cross-site request forgery (CSRF) vulnerability in admin.php in
...)
+	TODO: check
+CVE-2008-3924 (The &quot;Make a backup&quot; functionality in Content
Management Made Easy ...)
+	TODO: check
+CVE-2008-3923 (Multiple cross-site scripting (XSS) vulnerabilities in
statistics.php ...)
+	TODO: check
+CVE-2008-3922 (awstatstotals.php in AWStats Totals 1.0 through 1.14 allows
remote ...)
+	TODO: check
+CVE-2008-3921 (Multiple cross-site scripting (XSS) vulnerabilities in AWStats
Totals ...)
+	TODO: check
+CVE-2008-3919 (Unspecified vulnerability in multiple JustSystems Ichitaro
products ...)
+	TODO: check
+CVE-2008-3918 (SQL injection vulnerability in index.php in Ovidentia 6.6.5
allows ...)
+	TODO: check
+CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in
Ovidentia ...)
+	TODO: check
+CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in
signal.c ...)
+	TODO: check
+CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4,
when ...)
+	TODO: check
+CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux
kernel ...)
+	TODO: check
+CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier
allows ...)
+	TODO: check
+CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287,
1.8.7 ...)
+	TODO: check
+CVE-2008-3903 (Asterisk PBX 1.2 through 1.6 and Trixbox PBX 2.6.1, when running
with ...)
+	TODO: check
+CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords
in the ...)
+	TODO: check
+CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0
and ...)
+	TODO: check
+CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before
2.6.23 ...)
+	TODO: check
+CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.62, in certain
...)
 	- ssmtp <unfixed> (low; bug #498366)
-CVE-2008-3963 [DoS in mysql via empty bit-string literal
(b'''')]
+CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6
does ...)
 	- mysql-dfsg-5.0 <unfixed> (low; bug #498362)
 begin claimed by white
-CVE-2008-3964 [libpng off-by-one error]
+CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and
1.4 ...)
 	- libpng <unfixed>
 	NOTE: off-by-one error in pngpread.c is not present, must have
 	NOTE: been introduced later, but I think pngtest.c is affected
@@ -13,11 +221,11 @@
 CVE-2008-XXXX [multiple heap based overflows in xine-lib]
 	- xine-lib <unfixed> (medium; bug #498243)
 	NOTE: CVE ids requested
-CVE-2008-3912 [out-of-memory null dereference in clamav]
+CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a
denial of ...)
 	- clamav 0.94.dfsg-1
-CVE-2008-3913 [error path memleaks in clamav]
+CVE-2008-3913 (Multiple memory leaks in freshclam/manager.c in ClamAV before
0.94 ...)
 	- clamav 0.94.dfsg-1
-CVE-2008-3914 [file descriptor leaks in clamav]
+CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have
...)
 	- clamav 0.94.dfsg-1
 CVE-2008-XXXX [buffer overflow via crafted configuration file (COMMAND)]
 	- gmanedit <unfixed> (low; bug #497835)
@@ -25,18 +233,18 @@
 CVE-2008-XXXX [buffer overflow via crafted manual page caused by utf8
conversion]
 	- gmanedit <unfixed> (medium; bug #497835)
 	NOTE: CVE id requested
-CVE-2008-3934 [DoS via a crafted Tektronix .rf5 file]
+CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal)
0.99.6 ...)
 	- wireshark <unfixed> (bug #497878)
-CVE-2008-3933 [DoS via a packet with crafted zlib-compressed data]
+CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows
attackers ...)
 	- wireshark <unfixed> (low; bug #497878)
-CVE-2008-3932 [DoS via a crafted NCP packet]
+CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows
attackers to ...)
 	- wireshark <unfixed> (low; bug #497878)
-CVE-2008-3904 [gpicview code execution via crafted file name]
+CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
 	- gpicview 0.1.9-2 (low; bug #498022)
-CVE-2008-3909 [CSRF in python-django]
+CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96
stores ...)
 	- python-django 1.0-1
 	NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
-CVE-2008-3910 [dns2tcp buffer overflow]
+CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in
a ...)
 	- dns2tcp 0.4.dfsg-2 (medium; bug #497730)
 CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel
2.6.16, ...)
 	TODO: check
@@ -62,8 +270,8 @@
 	NOT-FOR-US: VMware COM API
 CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows
remote ...)
 	NOT-FOR-US: SAML Service for Google Apps
-CVE-2008-3890
-	RESERVED
+CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can
make an ...)
+	TODO: check
 CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost
2.3 ...)
 	NOT-FOR-US: Mini-NUKE Freehost
 CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in
dotProject ...)
@@ -128,7 +336,7 @@
 	NOT-FOR-US: IBM DB2
 CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before
Fixpak 5 ...)
 	NOT-FOR-US: IBM DB2
-CVE-2008-3856 (The routine infrastructure component in IBM DB2 9.1 before
Fixpak 5 on ...)
+CVE-2008-3856 (The routine infrastructure component in IBM DB2 9.1 before
Fixpak 5, ...)
 	NOT-FOR-US: IBM DB2
 CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS)
in ...)
 	NOT-FOR-US: IBM DB2
@@ -161,14 +369,14 @@
 	- postfix 2.5.5-1 (low)
 	[etch] - postfix <not-affected> (Vulnerable code not present)
 	NOTE: http://www.postfix.org/announcements/20080902.html
-CVE-2008-3908 [several overflows in wordnet]
+CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow
...)
 	{DSA-1634-1 DTSA-163-1}
 	- wordnet 1:3.0-12 (medium; bug #497441)
 	[lenny] - wordnet 3.0-11+lenny1
 	[etch] - wordnet 1:2.1-4+etch1
 	NOTE: 1:3.0-12 had a regression and the patch was slightly updated
 	NOTE: by 1:3.0-13 to fix this bug
-CVE-2008-3907 [code execution in newsbeuter via crafted url when opened in
external browser]
+CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows
remote ...)
 	{DTSA-164-1 DTSA-164-2}
 	[lenny] - newsbeuter 0.9.1-1+lenny3
 	- newsbeuter 1.2-1 (medium)
@@ -179,7 +387,7 @@
 CVE-2008-XXXX [NULL pointer reference]
 	- bitlbee 1.2.2-1
 	NOTE: CVE id requested on oss-sec
-CVE-2008-3920 [Overwrite current accounts]
+CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote
...)
 	- bitlbee 1.2.2-1
 end claimed by white
 CVE-2008-XXXX [GNU ed: heap overflow in CLI processing]
@@ -687,8 +895,8 @@
 	NOT-FOR-US: Sun Solaris 10
 CVE-2008-3665
 	RESERVED
-CVE-2008-3664
-	RESERVED
+CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS
allow ...)
+	TODO: check
 CVE-2008-3663
 	RESERVED
 CVE-2008-3662
@@ -759,32 +967,32 @@
 	RESERVED
 CVE-2008-3637
 	RESERVED
-CVE-2008-3636
-	RESERVED
-CVE-2008-3635
-	RESERVED
-CVE-2008-3634
-	RESERVED
+CVE-2008-3636 (Integer overflow in an unspecified third-party driver bundled
with ...)
+	TODO: check
+CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an
...)
+	TODO: check
+CVE-2008-3634 (Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music
Sharing ...)
+	TODO: check
 CVE-2008-3633
 	RESERVED
-CVE-2008-3632
-	RESERVED
-CVE-2008-3631
-	RESERVED
-CVE-2008-3630
-	RESERVED
-CVE-2008-3629
-	RESERVED
-CVE-2008-3628
-	RESERVED
-CVE-2008-3627
-	RESERVED
-CVE-2008-3626
-	RESERVED
-CVE-2008-3625
-	RESERVED
-CVE-2008-3624
-	RESERVED
+CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1
through ...)
+	TODO: check
+CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2 does
not ...)
+	TODO: check
+CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an
...)
+	TODO: check
+CVE-2008-3629 (Apple QuickTime before 7.5.5 allows remote attackers to cause a
denial ...)
+	TODO: check
+CVE-2008-3628 (Apple QuickTime before 7.5.5 on Windows allows remote attackers
to ...)
+	TODO: check
+CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT
atoms ...)
+	TODO: check
+CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime
...)
+	TODO: check
+CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5
allows ...)
+	TODO: check
+CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5
allows ...)
+	TODO: check
 CVE-2008-3623
 	RESERVED
 CVE-2008-3622
@@ -801,14 +1009,14 @@
 	RESERVED
 CVE-2008-3616
 	RESERVED
-CVE-2008-3615
-	RESERVED
-CVE-2008-3614
-	RESERVED
+CVE-2008-3615 (An unspecified third-party Indeo v5 codec for QuickTime, when
used ...)
+	TODO: check
+CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows
allows ...)
+	TODO: check
 CVE-2008-3613
 	RESERVED
-CVE-2008-3612
-	RESERVED
+CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2
uses ...)
+	TODO: check
 CVE-2008-3611
 	RESERVED
 CVE-2008-3610
@@ -953,8 +1161,8 @@
 	RESERVED
 CVE-2008-3540
 	RESERVED
-CVE-2008-3539
-	RESERVED
+CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI)
...)
+	TODO: check
 CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through
2.52 ...)
 	NOT-FOR-US: HP Enterprise Discovery
 CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network
Node ...)
@@ -975,10 +1183,10 @@
 	{DTSA-154-1}
 	- yelp 2.22.1-4 (low)
 	[etch] - yelp <not-affected> (Vulnerable code not present)
-CVE-2008-3531
-	RESERVED
-CVE-2008-3530
-	RESERVED
+CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the
kernel in ...)
+	TODO: check
+CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1
does not ...)
+	TODO: check
 CVE-2008-3529
 	RESERVED
 CVE-2008-3528
@@ -1819,7 +2027,7 @@
 	NOT-FOR-US: OllyDBG/ImpREC
 CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP,
(2) ...)
 	NOT-FOR-US: WeFi
-CVE-2008-3146 (Unspecified vulnerability in Wireshark and Ethereal on SUSE
Linux ...)
+CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark
(formerly ...)
 	- wireshark <unfixed> (medium; bug #497878)
 CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in
...)
 	{DTSA-157-1}
@@ -2139,24 +2347,24 @@
 	RESERVED
 CVE-2008-3016
 	RESERVED
-CVE-2008-3015
-	RESERVED
-CVE-2008-3014
-	RESERVED
-CVE-2008-3013
-	RESERVED
-CVE-2008-3012
-	RESERVED
+CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP
SP3, ...)
+	TODO: check
+CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet
Explorer ...)
+	TODO: check
+CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows XP ...)
+	TODO: check
+CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows XP ...)
+	TODO: check
 CVE-2008-3011
 	RESERVED
 CVE-2008-3010
 	RESERVED
 CVE-2008-3009
 	RESERVED
-CVE-2008-3008
-	RESERVED
-CVE-2008-3007
-	RESERVED
+CVE-2008-3008 (Buffer overflow in a certain ActiveX control in wmex.dll in
Microsoft ...)
+	TODO: check
+CVE-2008-3007 (Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System
Gold and ...)
+	TODO: check
 CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and
2007 ...)
 	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and
2002 ...)
@@ -2826,16 +3034,16 @@
 	RESERVED
 CVE-2008-2737
 	REJECTED
-CVE-2008-2736
-	RESERVED
-CVE-2008-2735
-	RESERVED
-CVE-2008-2734
-	RESERVED
-CVE-2008-2733
-	RESERVED
-CVE-2008-2732
-	RESERVED
+CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance
(ASA) ...)
+	TODO: check
+CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500
...)
+	TODO: check
+CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive
Security ...)
+	TODO: check
+CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2
...)
+	TODO: check
+CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection ...)
+	TODO: check
 CVE-2008-2731
 	RESERVED
 CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in
Cisco ...)
@@ -2844,15 +3052,17 @@
 	{DSA-1630-1}
 	- linux-2.6 2.6.19-1
 	NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
-CVE-2008-2728 (Integer overflow in the rb_ary_splice function in Ruby 1.6.x
allows ...)
+CVE-2008-2728
+	REJECTED
 	NOT-FOR-US: only Ruby 1.6 is affected
-CVE-2008-2727 (Integer overflow in the rb_ary_splice function in Ruby 1.6.x
allows ...)
+CVE-2008-2727
+	REJECTED
 	NOT-FOR-US: only Ruby 1.6 is affected
-CVE-2008-2726 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and
...)
+CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4
and ...)
 	{DSA-1618-1 DSA-1612-1}
 	- ruby1.9 1.9.0.2-1
 	- ruby1.8 1.8.7.22-1
-CVE-2008-2725 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and
...)
+CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4
and ...)
 	{DSA-1618-1 DSA-1612-1}
 	- ruby1.9 1.9.0.2-1
 	- ruby1.8 1.8.7.22-1
@@ -3211,7 +3421,7 @@
 	NOT-FOR-US: 427BB
 CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in
Motion ...)
 	- motion 3.2.9-3 (low; bug #484572)
-CVE-2008-2667 (SQL injection vulnerability in courier-authlib in SUSE openSUSE
10.3 ...)
+CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication
Library (aka ...)
 	- courier-authlib 0.60.1-2.1 (bug #485424)
 CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
 	- evolution 2.22.2-1.1 (low; bug #484639)
@@ -3406,8 +3616,8 @@
 	RESERVED
 CVE-2008-2465
 	RESERVED
-CVE-2008-2464
-	RESERVED
+CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in
NetBSD ...)
+	TODO: check
 CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in
snapview.ocx, ...)
 	NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
 CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile
documentation ...)
@@ -3452,8 +3662,8 @@
 	NOT-FOR-US: Real Estate Script
 CVE-2008-2442
 	RESERVED
-CVE-2008-2441
-	RESERVED
+CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x,
4.1.x ...)
+	TODO: check
 CVE-2008-2440
 	RESERVED
 CVE-2008-2439
@@ -3462,8 +3672,8 @@
 	RESERVED
 CVE-2008-2437
 	RESERVED
-CVE-2008-2436
-	RESERVED
+CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef
...)
+	TODO: check
 CVE-2008-2435
 	RESERVED
 CVE-2008-2434
@@ -3717,11 +3927,11 @@
 	RESERVED
 CVE-2008-2328
 	RESERVED
-CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode and (2) ...)
+CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2)
LZWDecodeCompat, ...)
 	{DSA-1632-1 DTSA-160-1}
 	- tiff 3.8.2-11 (medium)
-CVE-2008-2326
-	RESERVED
+CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour
for ...)
+	TODO: check
 CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote
attackers ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X
10.4.11 ...)
@@ -3870,8 +4080,8 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized
memory, ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2008-2253
-	RESERVED
+CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11
allows ...)
+	TODO: check
 CVE-2008-2252
 	RESERVED
 CVE-2008-2251
@@ -4890,13 +5100,13 @@
 CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before
...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...)
-	{DTSA-139-1}
+	{DSA-1635-1 DTSA-139-1}
 	- freetype 2.3.6-1 (low; bug #485841)
 CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to
execute ...)
-	{DTSA-139-1}
+	{DSA-1635-1 DTSA-139-1}
 	- freetype 2.3.6-1 (medium; bug #485841)
 CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows
context-dependent ...)
-	{DTSA-139-1}
+	{DSA-1635-1 DTSA-139-1}
 	- freetype 2.3.6-1 (medium; bug #485841)
 CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other
...)
 	NOT-FOR-US: Skype
@@ -5048,8 +5258,8 @@
 	NOT-FOR-US: Cisco firmware
 CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence
before ...)
 	NOT-FOR-US: Cisco firmware
-CVE-2008-1739
-	RESERVED
+CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a
denial ...)
+	TODO: check
 CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to
cause a ...)
 	NOT-FOR-US: Rising Antivirus
 CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime
...)
@@ -5896,8 +6106,7 @@
 	- asterisk 1:1.4.19.1~dfsg-1 (low)
 	[etch] - asterisk <not-affected> (Only 1.4.x affected)
 	[sarge] - asterisk <not-affected> (Only 1.4.x affected)
-CVE-2008-1389 [possible invalid memory access in clamav]
-	RESERVED
+CVE-2008-1389 (libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94
allows ...)
 	- clamav 0.94.dfsg-1
 CVE-2008-1388
 	RESERVED
@@ -6368,8 +6577,8 @@
 	NOT-FOR-US: Microsoft Access
 CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3
through 5 ...)
 	NOT-FOR-US: Red Hat specific
-CVE-2008-1197
-	RESERVED
+CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point
with ...)
+	TODO: check
 CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in
Sun JDK ...)
 	- sun-java6 6-05-1 (medium)
 	- sun-java5 1.5.0-15-1 (medium)
@@ -6511,8 +6720,8 @@
 	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
 	- kfreebsd-6 <unfixed> (bug #483152)
 	- kfreebsd-7 <unfixed> (bug #483152)
-CVE-2008-1144
-	RESERVED
+CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point
with ...)
+	TODO: check
 CVE-2008-1143
 	RESERVED
 CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and
earlier ...)
@@ -12816,8 +13025,8 @@
 	NOT-FOR-US: Opera specific flash vulnerability
 CVE-2007-5475
 	RESERVED
-CVE-2007-5474
-	RESERVED
+CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with
firmware ...)
+	TODO: check
 CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when
...)
 	- mono <not-affected> (Windows-specific vulnerability)
 CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component
in CA ...)
@@ -13271,8 +13480,8 @@
 	NOT-FOR-US: Microsoft Vista
 CVE-2007-5349
 	RESERVED
-CVE-2007-5348
-	RESERVED
+CVE-2007-5348 (Heap-based buffer overflow in the vector graphics link library
in ...)
+	TODO: check
 CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote
attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-5346
@@ -46166,7 +46375,7 @@
 CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus
(ClamAV) ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (medium)
-CVE-2005-3501 (The cabd_find function in cabd.c of the the libmspack library
(mspack) ...)
+CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library
(mspack) for ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (medium)
 CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating
in ...)
Secure testing commits - Sep 2008 - r9794 - data/CVE

[Secure-testing-commits] r9794 - data/CVE
